CVE-2026-44962 – Plesk

CVSS 9.9 CRITICAL

“A critical vulnerability in a hosting control panel can expose every website and service it manages.”

WebPros released a patch for a critical vulnerability affecting Plesk. CVE-2026-44962 has a CVSS score of 10.0, which is Critical severity.

The vulnerability involves improper neutralization of data within XPath expressions, creating an XPath injection risk in affected Plesk environments. Successful exploitation could allow attackers to manipulate application queries, bypass intended security controls, and gain unauthorized access to sensitive information or administrative functions. The update strengthens input validation and query handling protections to reduce exposure.
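The advisory publishes no details of the affected Plesk code, so the following is an added, generic illustration of the CWE-643 pattern and its neutralization, not Plesk or WebPros code. The `//user[@login=...]` query, the function names and the allow-list are assumptions made for the example.

```python
import re

# Assumed allow-list for a hypothetical "login" field (not from the advisory).
LOGIN_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def is_valid_login(value: str) -> bool:
    """Reject anything outside the allow-list before it gets near a query."""
    return LOGIN_RE.fullmatch(value) is not None


def xpath_literal(value: str) -> str:
    """Encode value as a single XPath 1.0 string expression.

    XPath 1.0 has no escape character inside string literals, so a value
    holding both quote kinds is split on ' and reassembled with concat().
    """
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    pieces = []
    for i, part in enumerate(value.split("'")):
        if i:
            pieces.append('"\'"')  # the apostrophe itself, double-quoted
        if part:
            pieces.append("'" + part + "'")
    return "concat(" + ", ".join(pieces) + ")"


def unsafe_query(login: str) -> str:
    """CWE-643 pattern: caller data is spliced straight into the expression."""
    return "//user[@login='" + login + "']"


def build_query(login: str, strict: bool = True) -> str:
    """Hardened form: allow-list first, then encode the value as a literal."""
    if strict and not is_valid_login(login):
        raise ValueError("login contains characters outside the allow-list")
    return "//user[@login=" + xpath_literal(login) + "]"


if __name__ == "__main__":
    hostile = "x' or '1'='1"  # constructed sample input
    print(unsafe_query(hostile))               # predicate gains an extra clause
    print(build_query(hostile, strict=False))  # value stays one string literal
```

Where the XPath library supports bound variables, passing the value as a variable is preferable to building the literal by hand.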

Key Details

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
CWE Classification: CWE-643